Controls/gitea-pages
0
2
Fork 0
Code Pull Requests Actions Activity

document how to configure Putty

Browse Source
This commit is contained in:
buchel_k
2023-02-03 10:48:15 +01:00
parent 513bb6f215
commit d38edce29b
4 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
user-guide/index.md
+1
View File
@@ -17,3 +17,4 @@ This guide contains tricks and recipies for end users using Red Hat Enterprise L
- [Connect Evolution with Office365](evolution_for_o365)
- [Connect Thunderbird with Office365](thunderbird_for_o365)
- Firefox refuses to start with home directory on the network drive -> [Per Host Default Profile for Firefox](firefox_profile_per_host)
- AFS `permission denied` when using Putty -> [SSH Access from Windows using Putty](putty)
user-guide/putty.md
+24
View File
@@ -0,0 +1,24 @@
# SSH Access from Windows using Putty
## Kerberos/AFS Failures with Default Settings
The default settings of Putty allows to connect to a Linux host. But when there are services depending on Kerberos like AFS then that will fail:
![Failing AFS](putty/missing_kerberos_ticket_delegation.png)
This is due to missing Kerberos ticket delegation. Note that you may recover from this on the Linux shell by entering `kinit` and then your password to opain a new Kerberos ticket and `aklog` to log into AFS.
## Configure Kerberos
To avoid this issue Kerberos ticket delagation can be configured in Putty.
In the settings select "Connection" -> "SSH" -> "Auth" -> "GSSAPI" and select therein "Allow GSSAPI credential delegation".
Note that you need also to remove the tick at "Attempt GSSAPI key exchange" because else it will not work.
![Working AFS](putty/working_kerberos_ticket_delegation.png)
## Long Running Programs/Simulations
The delegated Kerberos ticket from Windows can only be renewed for less than one day. So at some point after AFS will refuse access.
To get a longer valid Kerberos ticket on the Linux machine, type `kinit` and authenticate yourself with your password. The newly acquired Kerberos ticket can renewed for one week and AFS is happy as long too.
Alternatively you my disable Kerberos/GSSAPI authentication in Putty altogehter. But then you need always to enter your password when connecting to your Linux machine. But it will then always get a new Kerberos ticket renewable for one week.
user-guide/putty/missing_kerberos_ticket_delegation.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 116 KiB

user-guide/putty/working_kerberos_ticket_delegation.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 203 KiB